Added container.privileged field (#2219)

* added `container.privileged` field

* Added new field to CHANGELOG.next.md

* Rebuilt artifacts

CHANGELOG.next.md

@@ -15,6 +15,7 @@ Thanks, you're awesome :-) -->
 #### Bugfixes
 
 #### Added
+* Added `container.privileged` to indicated whether a container was started in privileged mode. #2219
 
 #### Improvements
 

docs/fields/field-details.asciidoc

@@ -1213,6 +1213,22 @@ type: long
 
 
 
+| extended
+
+// ===============================================================
+
+|
+[[field-container-privileged]]
+<<field-container-privileged, container.privileged>>
+
+a| Indicates whether the container is running in privileged mode.
+
+type: bool
+
+
+
+
+
 | extended
 
 // ===============================================================

experimental/generated/beats/fields.ecs.yml

@@ -944,6 +944,11 @@
       description: The number of bytes received (gauge) on all network interfaces
         by the container since the last metric collection.
       default_field: false
+    - name: privileged
+      level: extended
+      type: bool
+      description: Indicates whether the container is running in privileged mode.
+      default_field: false
     - name: runtime
       level: extended
       type: keyword

experimental/generated/csv/fields.csv

@@ -99,6 +99,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.10.0-dev+exp,true,container,container.name,keyword,extended,,,Container name.
 8.10.0-dev+exp,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces.
 8.10.0-dev+exp,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces.
+8.10.0-dev+exp,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev+exp,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container.
 8.10.0-dev+exp,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data.
 8.10.0-dev+exp,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data.

experimental/generated/ecs/ecs_flat.yml

@@ -1183,6 +1183,15 @@ container.network.ingress.bytes:
   normalize: []
   short: The number of bytes received on all network interfaces.
   type: long
+container.privileged:
+  dashed_name: container-privileged
+  description: Indicates whether the container is running in privileged mode.
+  flat_name: container.privileged
+  level: extended
+  name: privileged
+  normalize: []
+  short: Indicates whether the container is running in privileged mode.
+  type: bool
 container.runtime:
   dashed_name: container-runtime
   description: Runtime managing this container.

experimental/generated/ecs/ecs_nested.yml

@@ -1562,6 +1562,15 @@ container:
       normalize: []
       short: The number of bytes received on all network interfaces.
       type: long
+    container.privileged:
+      dashed_name: container-privileged
+      description: Indicates whether the container is running in privileged mode.
+      flat_name: container.privileged
+      level: extended
+      name: privileged
+      normalize: []
+      short: Indicates whether the container is running in privileged mode.
+      type: bool
     container.runtime:
       dashed_name: container-runtime
       description: Runtime managing this container.

experimental/generated/elasticsearch/composable/component/container.json

@@ -91,6 +91,9 @@
                 }
               }
             },
+            "privileged": {
+              "type": "bool"
+            },
             "runtime": {
               "ignore_above": 1024,
               "type": "keyword"

experimental/generated/elasticsearch/legacy/template.json

@@ -560,6 +560,9 @@
               }
             }
           },
+          "privileged": {
+            "type": "bool"
+          },
           "runtime": {
             "ignore_above": 1024,
             "type": "keyword"

generated/beats/fields.ecs.yml

@@ -894,6 +894,11 @@
       description: The number of bytes received (gauge) on all network interfaces
         by the container since the last metric collection.
       default_field: false
+    - name: privileged
+      level: extended
+      type: bool
+      description: Indicates whether the container is running in privileged mode.
+      default_field: false
     - name: runtime
       level: extended
       type: keyword

generated/csv/fields.csv

@@ -92,6 +92,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.10.0-dev,true,container,container.name,keyword,extended,,,Container name.
 8.10.0-dev,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces.
 8.10.0-dev,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces.
+8.10.0-dev,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container.
 8.10.0-dev,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data.
 8.10.0-dev,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data.

generated/ecs/ecs_flat.yml

@@ -1114,6 +1114,15 @@ container.network.ingress.bytes:
   normalize: []
   short: The number of bytes received on all network interfaces.
   type: long
+container.privileged:
+  dashed_name: container-privileged
+  description: Indicates whether the container is running in privileged mode.
+  flat_name: container.privileged
+  level: extended
+  name: privileged
+  normalize: []
+  short: Indicates whether the container is running in privileged mode.
+  type: bool
 container.runtime:
   dashed_name: container-runtime
   description: Runtime managing this container.

generated/ecs/ecs_nested.yml

@@ -1482,6 +1482,15 @@ container:
       normalize: []
       short: The number of bytes received on all network interfaces.
       type: long
+    container.privileged:
+      dashed_name: container-privileged
+      description: Indicates whether the container is running in privileged mode.
+      flat_name: container.privileged
+      level: extended
+      name: privileged
+      normalize: []
+      short: Indicates whether the container is running in privileged mode.
+      type: bool
     container.runtime:
       dashed_name: container-runtime
       description: Runtime managing this container.

generated/elasticsearch/composable/component/container.json

@@ -91,6 +91,9 @@
                 }
               }
             },
+            "privileged": {
+              "type": "bool"
+            },
             "runtime": {
               "ignore_above": 1024,
               "type": "keyword"

generated/elasticsearch/legacy/template.json

@@ -518,6 +518,9 @@
               }
             }
           },
+          "privileged": {
+            "type": "bool"
+          },
           "runtime": {
             "ignore_above": 1024,
             "type": "keyword"

schemas/container.yml

@@ -121,6 +121,13 @@
         The number of bytes (gauge) sent out on all network interfaces by the
         container since the last metric collection.
 
+    - name: privileged
+      type: bool
+      level: extended
+      short: Indicates whether the container is running in privileged mode.
+      description: >
+        Indicates whether the container is running in privileged mode.
+
     - name: runtime
       level: extended
       type: keyword